LiteLLM PyPI Supply Chain Attack: 40,000 Backdoored Downloads
A threat group called TeamPCP poisoned the Trivy GitHub Action to steal LiteLLM's PyPI publishing token, then pushed two backdoored versions that harvested cloud credentials, SSH keys, and Kubernetes tokens…





